CVE-2019-10880 - Vulnerability Details

Vendors	Products
Xerox	Colorqube 8700 Colorqube 8700 Firmware Colorqube 8900 Colorqube 8900 Firmware Colorqube 9301 Colorqube 9301 Firmware Colorqube 9302 Colorqube 9302 Firmware Colorqube 9303 Colorqube 9303 Firmware

Link	Providers
https://airbus-seclab.github.io/
https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "AltaLink B8045/B8055/B8065/B8075/B8090", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "101.008.008.27400", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "AltaLink C8030/C8035/C8045/C8055/C8070", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "101.001.008.27400", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 3655", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.060.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 5845/5855/5865/5875/5890", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.190.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 5945/5955", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.091.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 6655", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.110.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7220/7225", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.030.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7830/7835/7845/7855", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.010.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7970", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.200.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre EC7836/EC7856", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.020.167.17200", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "ColorQube 9301/9302/9303", "vendor": "XEROX", "versions": [{"lessThan": "072.xxx.009.07200", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ColorQube 8700/8900", "vendor": "XEROX", "versions": [{"lessThan": "072.xxx.009.07200", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 6400", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.070.100.24201", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "Phaser 6700", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "081.140.103.22600", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "Phaser 7800", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "081.150.103.05600", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 5735/5740/5745/5755/5765/5775/5790", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.132.221.21403", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7525/7530/7535/7545/7556", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.121.224.18803", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7755/7765/7775", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.090.220.19700", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Rapha\u00c3\u00abl Rigo from the Airbus Security Lab"}], "datePublic": "2019-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-12T17:37:54", "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4", "shortName": "airbus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://airbus-seclab.github.io/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}], "solutions": [{"lang": "en", "value": "A fix for some models is available."}], "source": {"discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no known workarounds for now available."}], "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@airbus.com", "ID": "CVE-2019-10880", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AltaLink B8045/B8055/B8065/B8075/B8090", "version": {"version_data": [{"version_affected": "?<=", "version_value": "101.008.008.27400"}]}}, {"product_name": "AltaLink C8030/C8035/C8045/C8055/C8070", "version": {"version_data": [{"version_affected": "?<=", "version_value": "101.001.008.27400"}]}}, {"product_name": "WorkCentre 3655", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.060.075.34540"}]}}, {"product_name": "WorkCentre 5845/5855/5865/5875/5890", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.190.075.34540"}]}}, {"product_name": "WorkCentre 5945/5955", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.091.075.34540"}]}}, {"product_name": "WorkCentre 6655", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.110.075.34540"}]}}, {"product_name": "WorkCentre 7220/7225", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.030.075.34540"}]}}, {"product_name": "WorkCentre 7830/7835/7845/7855", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.010.075.34540"}]}}, {"product_name": "WorkCentre 7970", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.200.075.34540"}]}}, {"product_name": "WorkCentre EC7836/EC7856", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.020.167.17200"}]}}, {"product_name": "ColorQube 9301/9302/9303", "version": {"version_data": [{"version_affected": "<", "version_value": "072.xxx.009.07200"}]}}, {"product_name": "ColorQube 8700/8900", "version": {"version_data": [{"version_affected": "<", "version_value": "072.xxx.009.07200"}]}}, {"product_name": "WorkCentre 6400", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.070.100.24201"}]}}, {"product_name": "Phaser 6700", "version": {"version_data": [{"version_affected": "?<=", "version_value": "081.140.103.22600"}]}}, {"product_name": "Phaser 7800", "version": {"version_data": [{"version_affected": "?<=", "version_value": "081.150.103.05600"}]}}, {"product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.132.221.21403"}]}}, {"product_name": "WorkCentre 7525/7530/7535/7545/7556", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.121.224.18803"}]}}, {"product_name": "WorkCentre 7755/7765/7775", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.090.220.19700"}]}}]}, "vendor_name": "XEROX"}]}}, "credit": [{"lang": "eng", "value": "Rapha\u00c3\u00abl Rigo from the Airbus Security Lab"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://airbus-seclab.github.io/", "refsource": "MISC", "url": "https://airbus-seclab.github.io/"}, {"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf", "refsource": "CONFIRM", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}]}, "solution": [{"lang": "en", "value": "A fix for some models is available."}], "source": {"discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no known workarounds for now available."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:32:02.151Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://airbus-seclab.github.io/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4", "assignerShortName": "airbus", "cveId": "CVE-2019-10880", "datePublished": "2019-04-12T17:37:54", "dateReserved": "2019-04-05T00:00:00", "dateUpdated": "2024-08-04T22:32:02.151Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : AltaLink B8045/B8055/B8065/B8075/B8090 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 101.008.008.27400 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : AltaLink C8030/C8035/C8045/C8055/C8070 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 101.001.008.27400 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

2 : { »

product : WorkCentre 3655 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.060.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

3 : { »

product : WorkCentre 5845/5855/5865/5875/5890 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.190.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

4 : { »

product : WorkCentre 5945/5955 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.091.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

5 : { »

product : WorkCentre 6655 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.110.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

6 : { »

product : WorkCentre 7220/7225 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.030.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

7 : { »

product : WorkCentre 7830/7835/7845/7855 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.010.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

8 : { »

product : WorkCentre 7970 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.200.075.34540 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

9 : { »

product : WorkCentre EC7836/EC7856 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 073.020.167.17200 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

10 : { »

product : ColorQube 9301/9302/9303 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThan : 072.xxx.009.07200 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

11 : { »

product : ColorQube 8700/8900 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThan : 072.xxx.009.07200 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

12 : { »

product : WorkCentre 6400 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 061.070.100.24201 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

13 : { »

product : Phaser 6700 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 081.140.103.22600 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

14 : { »

product : Phaser 7800 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 081.150.103.05600 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

15 : { »

product : WorkCentre 5735/5740/5745/5755/5765/5775/5790 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 061.132.221.21403 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

16 : { »

product : WorkCentre 7525/7530/7535/7545/7556 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 061.121.224.18803 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

17 : { »

product : WorkCentre 7755/7765/7775 (string)

vendor : XEROX (string)

versions : [ »

0 : { »

lessThanOrEqual : 061.090.220.19700 (string)

status : unknown (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : RaphaÃ«l Rigo from the Airbus Security Lab (string)

}

]

datePublic : 2019-02-25T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-78 (string)

description : CWE-78 OS Command Injection (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-04-12T17:37:54 (string)

orgId : 24a3c815-5f22-4d74-967a-30958d6466f4 (string)

shortName : airbus (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://airbus-seclab.github.io/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : A fix for some models is available. (string)

}

]

source : { »

discovery : INTERNAL (string)

}

workarounds : [ »

0 : { »

lang : en (string)

value : There are no known workarounds for now available. (string)

}

]

x_generator : { »

engine : Vulnogram 0.0.6 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@airbus.com (string)

ID : CVE-2019-10880 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : AltaLink B8045/B8055/B8065/B8075/B8090 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 101.008.008.27400 (string)

}

]

}

1 : { »

product_name : AltaLink C8030/C8035/C8045/C8055/C8070 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 101.001.008.27400 (string)

}

]

}

2 : { »

product_name : WorkCentre 3655 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.060.075.34540 (string)

}

]

}

3 : { »

product_name : WorkCentre 5845/5855/5865/5875/5890 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.190.075.34540 (string)

}

]

}

4 : { »

product_name : WorkCentre 5945/5955 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.091.075.34540 (string)

}

]

}

5 : { »

product_name : WorkCentre 6655 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.110.075.34540 (string)

}

]

}

6 : { »

product_name : WorkCentre 7220/7225 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.030.075.34540 (string)

}

]

}

7 : { »

product_name : WorkCentre 7830/7835/7845/7855 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.010.075.34540 (string)

}

]

}

8 : { »

product_name : WorkCentre 7970 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.200.075.34540 (string)

}

]

}

9 : { »

product_name : WorkCentre EC7836/EC7856 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 073.020.167.17200 (string)

}

]

}

10 : { »

product_name : ColorQube 9301/9302/9303 (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 072.xxx.009.07200 (string)

}

]

}

11 : { »

product_name : ColorQube 8700/8900 (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 072.xxx.009.07200 (string)

}

]

}

12 : { »

product_name : WorkCentre 6400 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 061.070.100.24201 (string)

}

]

}

13 : { »

product_name : Phaser 6700 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 081.140.103.22600 (string)

}

]

}

14 : { »

product_name : Phaser 7800 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 081.150.103.05600 (string)

}

]

}

15 : { »

product_name : WorkCentre 5735/5740/5745/5755/5765/5775/5790 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 061.132.221.21403 (string)

}

]

}

16 : { »

product_name : WorkCentre 7525/7530/7535/7545/7556 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 061.121.224.18803 (string)

}

]

}

17 : { »

product_name : WorkCentre 7755/7765/7775 (string)

version : { »

version_data : [ »

0 : { »

version_affected : ?<= (string)

version_value : 061.090.220.19700 (string)

}

]

}

]

}

vendor_name : XEROX (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : RaphaÃ«l Rigo from the Airbus Security Lab (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.6 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-78 OS Command Injection (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://airbus-seclab.github.io/ (string)

refsource : MISC (string)

url : https://airbus-seclab.github.io/ (string)

}

1 : { »

name : https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf (string)

refsource : CONFIRM (string)

url : https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : A fix for some models is available. (string)

}

]

source : { »

discovery : INTERNAL (string)

}

work_around : [ »

0 : { »

lang : en (string)

value : There are no known workarounds for now available. (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T22:32:02.151Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://airbus-seclab.github.io/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 24a3c815-5f22-4d74-967a-30958d6466f4 (string)

assignerShortName : airbus (string)

cveId : CVE-2019-10880 (string)

datePublished : 2019-04-12T17:37:54 (string)

dateReserved : 2019-04-05T00:00:00 (string)

dateUpdated : 2024-08-04T22:32:02.151Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_8700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2CDCD57-1A53-41C3-AE50-4EFAD1F8E636", "versionEndExcluding": "072.161.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "2764BB3A-9201-49C4-9774-C8906FE14741", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_8900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FB5A103-83B9-4684-9B11-04C9A9001354", "versionEndExcluding": "072.161.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_8900:-:*:*:*:*:*:*:*", "matchCriteriaId": "59018173-83A8-4389-8AE2-BB987144C1A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_9301_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E24AA3BC-06CC-4D61-9A43-939B6289F7C4", "versionEndExcluding": "072.180.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_9301:-:*:*:*:*:*:*:*", "matchCriteriaId": "99B41C5B-0045-49E8-B34D-67FD42449B44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_9302_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "727615E8-7289-4B06-89C2-3B9D0597C8D9", "versionEndExcluding": "072.180.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_9302:-:*:*:*:*:*:*:*", "matchCriteriaId": "A20F7D5C-7187-40E3-8C3F-3F70729AF2CE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_9303_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58960946-14EF-4FDB-9735-C0B1060384C9", "versionEndExcluding": "072.180.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_9303:-:*:*:*:*:*:*:*", "matchCriteriaId": "847E973A-3C1A-4969-B6BD-E56CC49BC7AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}, {"lang": "es", "value": "En m\u00faltiples productos XEROX, una vulnerabilidad permite la ejecuci\u00f3n remota de comandos en el sistema Linux, como el usuario \"nobody\", a trav\u00e9s de una petici\u00f3n \"HTTP\" modificada (vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo en la interfaz HTTP). Dependiendo de la configuraci\u00f3n, la autenticaci\u00f3n puede no ser necesaria."}], "id": "CVE-2019-10880", "lastModified": "2024-11-21T04:20:02.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cert@airbus.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-12T18:29:01.177", "references": [{"source": "cert@airbus.com", "tags": ["Not Applicable"], "url": "https://airbus-seclab.github.io/"}, {"source": "cert@airbus.com", "tags": ["Vendor Advisory"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://airbus-seclab.github.io/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}], "sourceIdentifier": "cert@airbus.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cert@airbus.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xerox:colorqube_8700_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D2CDCD57-1A53-41C3-AE50-4EFAD1F8E636 (string)

versionEndExcluding : 072.161.009.07200 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:xerox:colorqube_8700:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2764BB3A-9201-49C4-9774-C8906FE14741 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xerox:colorqube_8900_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1FB5A103-83B9-4684-9B11-04C9A9001354 (string)

versionEndExcluding : 072.161.009.07200 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:xerox:colorqube_8900:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 59018173-83A8-4389-8AE2-BB987144C1A5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xerox:colorqube_9301_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E24AA3BC-06CC-4D61-9A43-939B6289F7C4 (string)

versionEndExcluding : 072.180.009.07200 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:xerox:colorqube_9301:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 99B41C5B-0045-49E8-B34D-67FD42449B44 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xerox:colorqube_9302_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 727615E8-7289-4B06-89C2-3B9D0597C8D9 (string)

versionEndExcluding : 072.180.009.07200 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:xerox:colorqube_9302:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A20F7D5C-7187-40E3-8C3F-3F70729AF2CE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xerox:colorqube_9303_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 58960946-14EF-4FDB-9735-C0B1060384C9 (string)

versionEndExcluding : 072.180.009.07200 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:xerox:colorqube_9303:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 847E973A-3C1A-4969-B6BD-E56CC49BC7AD (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. (string)

}

1 : { »

lang : es (string)

value : En múltiples productos XEROX, una vulnerabilidad permite la ejecución remota de comandos en el sistema Linux, como el usuario "nobody", a través de una petición "HTTP" modificada (vulnerabilidad de inyección de comandos en el sistema operativo en la interfaz HTTP). Dependiendo de la configuración, la autenticación puede no ser necesaria. (string)

}

]

id : CVE-2019-10880 (string)

lastModified : 2024-11-21T04:20:02.213 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : cert@airbus.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-04-12T18:29:01.177 (string)

references : [ »

0 : { »

source : cert@airbus.com (string)

tags : [ »

0 : Not Applicable (string)

]

url : https://airbus-seclab.github.io/ (string)

}

1 : { »

source : cert@airbus.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : https://airbus-seclab.github.io/ (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf (string)

}

]

sourceIdentifier : cert@airbus.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : cert@airbus.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object